Solved

Problem with VLAN routing on Cisco 3560X

Posted on 2012-03-21
Last Modified: 2012-03-23
We have configured three VLANs on a new Catalyst 3560X, but for some reason routing is not working correctly - you can ping some computers while others are unreachable.

The strange thing is that show ip route displays 2 connected networks for each VLAN, for example:

C  10.0.0.1/24 is directly connected, VLAN10
L  10.0.0.1/32 is directly connected, NLAN10

We can ping the switch from the connected computer, but cannot ping the computer from the switch, even if it is on VLAN10.

Any suggestions?
0
Question by:singring
6 Comments
 
LVL 10

Expert Comment

by:Netty
ID: 37750555
Show us your config, please.
0
 
LVL 16

Expert Comment

by:InteraX
ID: 37751708
The output you show on line 2 above doesn't look quite right. Have you just re-typed the output and made some character mistakes?

Have you enabled private vlans or something similar?

A config output would help.
0
 

Author Comment

by:singring
ID: 37754924
Hi,

This is our problem - the output in line 2 does not look right. I'm posting the output of show running-config, show vlan and show ip route with a computer connected to gi0/2 on VLAN10:

QW-Switch#sh run
Building configuration...

Current configuration : 7724 bytes
!
! Last configuration change at 18:17:18 CST-6 Sun Feb 28 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname QW-Switch
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$6Az6$XERvnknlO1CUK6meW0Ck0/
!
username user password 7 15314D3E167938772921362A
no aaa new-model
clock timezone CST-6 -6 0
clock summer-time time recurring
system mtu routing 1500
no ip source-route
ip routing
!
!
no ip domain-lookup
ip domain-name aaa.com
vtp domain aaa.com
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-54201088
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-54201088
 revocation-check none
 rsakeypair TP-self-signed-54201088
!
!
crypto pki certificate chain TP-self-signed-54201088
 certificate self-signed 01
        quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
 name vlan10
!
vlan 11
 name vlan11
!
vlan 12
 name vlan12
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache
 no ip mroute-cache
!
interface GigabitEthernet0/1
 description VLAN10
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet0/2
 description VLAN10
 switchport access vlan 10
 switchport mode access
 speed 1000
 duplex full
!
.
.
.
!

interface GigabitEthernet0/23
 description VLAN12
 switchport access vlan 12
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet0/24
 description VLAN12
 switchport access vlan 12
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
 no ip address
!
interface Vlan10
 description Internal
 ip address 10.1.0.5 255.255.255.0
 no ip redirects
 standby 10 ip 10.1.0.1
 standby 10 priority 255
 standby 10 preempt
!
interface Vlan11
 description Data
 ip address 10.1.1.5 255.255.255.0
 no ip redirects
 standby 11 ip 10.1.1.1
 standby 11 priority 255
 standby 11 preempt
!
interface Vlan12
 description DMZ
 ip address 10.1.2.5 255.255.255.0
 no ip redirects
 standby 12 ip 10.1.2.1
 standby 12 priority 255
 standby 12 preempt
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.0.2
!
ip sla enable reaction-alerts
logging esm config
no cdp run
!
banner motd ^C
Warning Notice:

^C
!
line con 0
 exec-timeout 4 0
 password 7 08020A7C1B4A164413190F0C
 logging synchronous
 login
line vty 0 4
 exec-timeout 4 0
 password 7 08020A7C1B4A164413190F0C
 login local
 transport input ssh
line vty 5 15
 exec-timeout 4 0
 password 7 112A5F370541185F0538282C
 login local
 transport input ssh
!
ntp server 204.70.128.1
ntp server 204.70.57.242
end

QW-Switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
10   vlan10                           active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
11   vlan11                           active    Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
12   vlan12                           active    Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/23, Gi0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
11   enet  100011     1500  -      -      -        -    -        0      0
12   enet  100012     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

QW-Switch#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.1.0.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.0.2
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.0.0/24 is directly connected, Vlan10
L        10.1.0.5/32 is directly connected, Vlan10
0
LVL 16

Assisted Solution

by:InteraX
InteraX earned 250 total points
ID: 37755069
You haven't configured 'ip subnet zero'.

It may not make any difference, but may help.

I have just read https://supportforums.cisco.com/docs/DOC-16385, which discusses local routes. These should be ignored.

Can you give us some details on which ports the computers are plugged into and what IP addresses they have? Also, which pings work from where to where and which ones don't.
0
 
LVL 15

Accepted Solution

by:
Nayyar HH (CCIE RS) earned 250 total points
ID: 37755280
I believe everything is normal - the L - local routes are used by Multi-topology routing (MTR), which is supported in the IOS 15.0 you are running. Nothing to worry about.

Check the firewall on the PC; I think this might be blocking inbound ICMP requests.
0
 

Author Comment

by:singring
ID: 37758487
I'm not sure if it was missing ip subnet-zero, or maybe just overheating (we had 90+ degrees temperature in the office over the last few days). Anyway, routing is working perfectly today even if these local routes stay in the routing table.

Thank you for your help.
0
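A way to check the posted output mechanically, as an added example that is not part of the original thread: it pairs each configured SVI with its `C` subnet route and its `L` /32 host route for the switch's own address, and lists SVIs that have an IP address but no connected route at all. The function names are hypothetical, the inputs are trimmed excerpts of the output posted above, and reading a missing route as "SVI not up/up" is an assumption (on this platform an SVI normally comes up only once a port in its VLAN is active).

```python
import ipaddress
import re

# Trimmed excerpts of the output posted in this thread.
SHOW_IP_ROUTE = """\
S*    0.0.0.0/0 [1/0] via 10.1.0.2
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.0.0/24 is directly connected, Vlan10
L        10.1.0.5/32 is directly connected, Vlan10
"""
RUNNING_CONFIG = """\
interface Vlan1
 no ip address
!
interface Vlan10
 description Internal
 ip address 10.1.0.5 255.255.255.0
!
interface Vlan11
 ip address 10.1.1.5 255.255.255.0
!
interface Vlan12
 ip address 10.1.2.5 255.255.255.0
"""
ROUTE_RE = re.compile(r"^([CL])\s+(\S+) is directly connected, (\S+)", re.M)

def connected_routes(text):
    """Map interface -> {'C': subnet, 'L': host route} from 'show ip route'."""
    table = {}
    for code, prefix, ifname in ROUTE_RE.findall(text):
        table.setdefault(ifname, {})[code] = ipaddress.ip_network(prefix)
    return table

def svi_addresses(config):
    """Map SVI name -> configured address/mask from 'show running-config'."""
    out, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1) if m.group(1).startswith("Vlan") else None
        elif current and (m := re.match(r" ip address (\S+) (\S+)$", line)):
            out[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return out

def audit_svis(config, routes_text):
    """Compare every addressed SVI with the routes installed for it."""
    routes, report = connected_routes(routes_text), {}
    for name, iface in svi_addresses(config).items():
        want = {"C": iface.network, "L": ipaddress.ip_network(f"{iface.ip}/32")}
        got = routes.get(name)
        if got is None:
            report[name] = "no connected route: SVI not up/up"
        else:
            report[name] = "ok" if got == want else "mismatch"
    return report
```

On the posted data this reports Vlan10 as ok and Vlan11 and Vlan12 as having no connected route, which matches the single computer plugged into gi0/2 on VLAN10.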
